hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > The Archives > Exploit Articles
VincentVega
Sep 9 2003, 05:13 PM
QUOTE

MS03-032: Object Data Vulnerability Test



Test to see if your browser is vulnerable to the latest Microsoft Internet Explorer vulnerability. The vulnerability which is called the "Object Data Vulnerability" allows malicious websites, emails or newsgroup messages to silently download and execute any file on your system.

Secunia has issued an extraordinary alert, which is rated as "Extremely Critical", advising the public and system administrators to patch immediately.

Clicking on the link below will perform a test to verify whether or not you are vulnerable to the Object Data vulnerability reported by eEye.

NOTE:
http-equiv has proved that the MS03-032 Security Bulletin from Microsoft fails to close the "Object Data" vulnerability. This test has been updated to use the latest exploit code as described by http-equiv and GreyMagic.

WARNING:
If you are vulnerable, the Secunia website will execute Internet Explorer on your system and load a new web page.

Disclaimer:
Secunia is not liable for any damage this may cause to your system. Do not perform this test unless you are a system administrator or you are the owner of the system. Performing this test may be a violation of your company's security policy.


To perform the test go here:

hxxp://www.secunia.com/MS03-032/TEST/
Milka
Sep 9 2003, 07:26 PM
wow gr8, now I'm gonna find out how to exactly exploit this shit wink.gif

hmmz is still the same as the other one, nothin more, still can't exe shit without them knowing
gogu258
Sep 10 2003, 03:59 AM
It came too late. Most browsers have patch, including 5.x versions.
wh173r
Sep 10 2003, 11:54 PM
no i have xp pro, ie 6.xx and i am vulnerable
gogu258
Sep 11 2003, 02:15 AM
Yeah, I know. I have Xp and 6.0 without patch or SP1 too and it works but....I made few test on my servers with IE 5.x->6.0 and....surprise...all of them, 100%, have patch.
Ayone can try that , exploit is great but is so hard to find real targets with that.
Why....answer is simple because of M$blaster, now all W have autoupdate "on" so
if your tagret have DSL or other direct connection on net...
Sorry for my poor lng., anyway I think you can understand most important thing.

BTW. xml exploit was found looong time ago by Grey-Magic, long time ago mean on 27-Feb-2002. The new exploit is just a review of it....check link with more info:
http://sec.greymagic.com/adv/gm001-ie/
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.